Why Hackers Do The Things They Do?
Hackers. You know them as gangly kids with radiation tans caused by too many late nights in front of a computer screen. Evil beings who have the power to wipe out your credit rating, cancel your cable TV, raise your insurance premiums, and raid your social security pension. Individuals who always avert their eyes and mumble under their breath about black helicopters and CIA transmissions. Paranoid, social deviants who could start World War III from the privacy of their bedrooms. Or so the mainstream media would have you believe.
In reality, most hackers are ordinary people with a great deal of curiosity, above-average skills with a computer, a good understanding of human nature, and plenty of time to kill. Hackers have no distinguishing characteristics. Your next-door neighbor could be a hacker, as could your niece or nephew, one of your co-workers, or even the kid who serves you coffee in the morning. Not all hackers are dangerous and out to destroy business or damage lives. The view of the general public toward hackers is mixed. A recent CNN-poll shows 33% of respondents labeling hackers as “useful,” 17% seeing them “as a menace,” and the majority (45%) seeing hackers as “both” useful and a menace (CNN, 1999).
Why do hackers go through all the trouble to do what they do? Most people in society do not spend the time to break into computer systems. It does not have much appeal to them. Why then do certain people spend so much of their time and energy accomplishing these feats of technological wizardry? What is the cause that turns those mostly above-average intelligent people to pursue a criminal career, and destroy their otherwise very successful careers? Why do they commit these computer related crimes as an obsession?
There are probably as many answers to that question as there are hackers (maybe more). It is important to realize that these people are individuals with their own hopes, fears, desires, and everything else that comes with being human. However, there are general patterns to the motivation behind the computer hacker’s drive to manipulate technology. The problem of hacker motivation is probably one of the more interesting questions concerning this sub-culture (Hacker-Bible, 1995).
Hackers rarely use information to gain wealth. This is not considered socially acceptable. Carding (using stolen credit card numbers for profit) is “poison to the underground,” and “doesn’t make one a hacker, it makes one an idiot. They do, however, use it within their group to stratify themselves. Hackers with the most information gain the highest prestige within the community. They also gain a great deal of power from that information. Most people cannot cancel the phone service of those who upset them. To a truly proficient hacker, this is not a very difficult problem. Hacking involves the accumulation of knowledge, which is accompanied by the greater status and power.
To almost all computer professionals the actions of hackers are despicable and justify all sorts of nasty punishments. I fully agree that hacking is a criminal offense and should be prosecuted. The only thing that bothers me from a moral standpoint is that these criminals are essentially the cyberspace equivalent of teenage vandals. They do not know the implications of what they are doing. These people are displaying situational morality, and their actions are random, yet predictable.
Many professionals argue that the cause why hackers hack is about the same as any other criminal. It mostly has to do with their families, and friends and the environment they grew up in. I agree with professionals at this point and I believe that the issue goes back to how they are raised. I am not saying that these people have bad parents. I think that while parents go around telling their children not to do drugs, to study hard in school, etc., they do not tell their children that it is bad to break into computer systems. Parents don’t think of discussing it. This leaves teenagers to learn the morals of computer hacking on the streets, and in this case, cyberspace. They learn about hacking on bulletin boards, chat lines, etc. Are there established experts in the field on these forums to discuss the moral issues of hacking? Clearly not, they don’t have the time or desire to associate with these people. The hackers therefore learn their morals from other hackers.
The hacker morality has been developed over the years to be self-serving in justifying their actions. Newcomers to the community learn the morality by associating with established hackers. There is a desire to impress each other, and there is a fear about their heroes, such as the Legion of Doom and the Masters of Deception. Are their heroes criminals? Not to the hackers. They are political prisoners for “knowing too much,” or at least that is what everyone is telling them. There are no established security experts visible to the general population to let the hackers know the actual damage that these people created or the real criminal actions that they committed.
Hackers also do not know about the costs associated with their actions. All studies indicate that hackers are generally young, and do not have full-time jobs or own property (Hacker-Bible, 1995). They do not consider that if they do get into a system and make an unintentional, simple mistake, they could cost the company thousands, and possibly millions, of dollars. I would dare say that every computer professional, including the best, have made a mistake that has caused the loss of data, service or money. Hackers have never been in a real situation to understand this issue (CERT, 2000). They do not know what a System Administrator is faced with on a day-to-day basis, and neither do they realize the extent of the problem they cause for already overworked people. They also do not comprehend that a company detecting an intrusion must investigate to see the extent of it. This has a cost of thousands of dollars associated with it (CERT, 2000).
Hacker morality says investigating intrusions is a cost of doing business, and it is the company’s fault for having poor security. Hackers, as individuals, have never had to balance limited resources themselves, and cannot empathize with others. There is also a more threatening aspect of hacker morality; there are many variations of it. Some hackers believe that it is all right to punish people and companies that they do not like, while others find the action wrong. Others believe that it is all right to steal money and resources, if it goes to support hacker actions. This is very dangerous. Even though many hackers might disagree with these types of actions, they will not rip off others, which is considered the most degrading thing that a hacker could ever do. In my opinion, all of these attitudes come from the same source; a morality that is learned from other hackers, without role models from the legitimate information security community.
While it is wrong to stereotype hackers as evil people with malicious criminal intentions, they cannot be stereotyped as compassionate freedom fighters as the hackers like to see themselves. Hackers must also realize that the actions of criminals will always reflect poorly on the hacker community as a whole, until the hacker community tries to police itself, which will never happen. Their actions are by definition, criminal. They can suffer consequences, which include being criminally prosecuted and hated by the information security community.
The information security profession must also be more visible in a way that gets children, before the hacker community gets them. Hacking can be very exciting for a teenager who can be considered a hero by others. Somehow the profession must get together to teach parents and schools that they must teach their children about hacking, before somebody else does.
Chaos Computer Club (January 05, 1995) Hacker-Bible
The New Hackers Dictionary (Online Edition, 1st edition) World Wide Web: